Azoundria: Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/ethereumzerotransferaddresspollutionphishingtwice.php}} {{Unattributed Sources}} Ethereum Address PoisoningAn Ethereum address fell victim to an address pollution phishing attack. The attacker created a similar-looking wallet address to impersonate the intended recipient’s address. Due to the visual similarity, the victim mistakenly sent fun..."

2025-08-27T21:41:12Z

Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/ethereumzerotransferaddresspollutionphishingtwice.php}} {{Unattributed Sources}} thumb|Ethereum Address PoisoningAn Ethereum address fell victim to an address pollution phishing attack. The attacker created a similar-looking wallet address to impersonate the intended recipient’s address. Due to the visual similarity, the victim mistakenly sent fun..."

New page

{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/ethereumzerotransferaddresspollutionphishingtwice.php}}
{{Unattributed Sources}}

[[File:Ethereumaddresspoisoning.jpg|thumb|Ethereum Address Poisoning]]An Ethereum address fell victim to an address pollution phishing attack. The attacker created a similar-looking wallet address to impersonate the intended recipient’s address. Due to the visual similarity, the victim mistakenly sent funds to the attacker’s wallet instead of the legitimate one. As a result, at least $843,166.84 USD in USDT was lost, with another transfer of over $1.75 million also recorded to the attacker’s address. The incident was reported by TenArmor, and there is no indication that any of the stolen funds have been recovered.
<ref name="tenarmortweet-20795" /><ref name="perpetrator-20796" /><ref name="phishedtransaction-20797" /><ref name="peckshieldtweet-20798" /><ref name="secondphishedtransaction-20799" /><ref name="aegisweb3tweet-20800" /><ref name="scamretrievaltweet-20801" /><ref name="web3watchdogtweet-20802" /><ref name="realscamsniffertweet-20803" /><ref name="victimwallet1-20804" /><ref name="victimwallet2-20805" /><ref name="victimwalletfunding-20806" />

== About The Ethereum Victim ==
The victim exists at Ethereum address 0x86C0300Fc369E54d22512564Cc0e8CC261102604.

== The Reality ==
Unfortunately, it is easy to get fooled by incorrect addresses. Creating addresses which appear similar to legitimate addresses is not that challenging. It is important to always verify all addresses.

== What Happened ==
The victim mistakenly sent over $2.5 million in USDT to a phishing address that closely resembled the intended recipient’s, due to an address pollution phishing attack.
{| class="wikitable"
|+Key Event Timeline - Ethereum ZeroTransfer Address Pollution Phishing Twice
!Date
!Event
!Description
|-
|May 25th, 2025 2:10:59 AM MDT
|Victim Ethereum Wallet Created
|The victim's ethereum wallet is first funded.
|-
|May 25th, 2025 5:48:23 PM MDT
|Phishing Transaction Occurs
|A transaction for 843,166.835945 USDT sent to the phisher.
|-
|May 25th, 2025 6:00:00 PM MDT
|Real Scam Sniffer Tweet
|Real Scam Sniffer posts about the exploit, with just one transaction included.
|-
|May 25th, 2025 8:43:00 PM MDT
|Incident Post By TenArmor
|TenArmor creates a post reporting on the attack, with links to information about the relevant transactions.
|-
|May 25th, 2025 9:38:59 PM MDT
|Second Tricked Phishing Transaction
|A second transfer of 1,754,893.457191 USDT is also found to the same perpetrator.
|-
|May 25th, 2025 11:46:00 PM MDT
|PeckShield Reports Larger Loss
|PeckShield reports on the incident with a total loss of $1.7m reported.
|-
|May 26th, 2025 1:17:00 AM MDT
|AegisWeb3 Reporting Post
|AegisWeb3 reports with both phishing transactions included for a total loss of $2.6m.
|}

== Technical Details ==
The attack took place through address pollution phishing. Address pollution phishing is a type of cyberattack where scammers flood blockchain addresses with tiny, unsolicited transactions to obscure legitimate activity or manipulate data analysis. This tactic can be used to confuse users, overload transaction histories, or mask fraudulent behavior by making it harder to trace real transactions. Often seen in Web3 environments, address pollution phishing can also serve as a distraction while more serious phishing or scamming attempts occur elsewhere.

In this case, the victim intended to send their funds to the wallet address 0x4668d1fe87444a4d7508e83c89bfdaf1117e6b76. However, an attacker was successfully able to create a new wallet address 0x4668EE748c88DA4FEc595773b22f96f366eD6B76, and interact with their Ethereum wallet. The victim accidentally confused the wallet addresses and sent their funds to the attacker's wallet.

== Total Amount Lost ==
TenArmor has estimated the amount of the loss at $843,166.84 USD. The blockchain shows that 843,166.835945 USDT were sent to the perpetrator address. However, a second transfer of 1,754,893.457191 USDT is also found to the same perpetrator.

The total amount lost has been estimated at $2,598,000 USD.

== Immediate Reactions ==
The attack was reported on by TenArmor a few hours later. It is unclear how the victim reacted.

== Ultimate Outcome ==
It does not appear likely that any funds will be recovered.

== Total Amount Recovered ==
There is no evidence that any funds have been able to be recovered.

There do not appear to have been any funds recovered in this case.

== Ongoing Developments ==
There is limited information about any investigation or recovery that may be underway.
== Individual Prevention Policies ==
{{Prevention:Individuals:Placeholder}}

{{Prevention:Individuals:End}}

== Platform Prevention Policies ==
{{Prevention:Platforms:Placeholder}}

{{Prevention:Platforms:End}}

== Regulatory Prevention Policies ==
{{Prevention:Regulators:Placeholder}}

{{Prevention:Regulators:End}}

== References ==
<references><ref name="tenarmortweet-20795">[https://twitter.com/TenArmorAlert/status/1926831552261914891 TenArmor - "Our system has detected a suspicious Address Pollution Phishing attack on #ETH, causing an estimated loss of $843,166.84." - Twitter/X] (Accessed Jul 31, 2025)</ref>

<ref name="perpetrator-20796">[https://etherscan.io/address/0x4668EE748c88DA4FEc595773b22f96f366eD6B76 The Perpetrator's Ethereum Address - Etherscan] (Accessed Jul 31, 2025)</ref>

<ref name="phishedtransaction-20797">[https://etherscan.io/tx/0xf55a4ed3cdb8bdadbe8f23d87cb52231b92357ad95ff41c97c211e5612aa9c2d The First Phishing Transaction - Etherscan] (Accessed Jul 31, 2025)</ref>

<ref name="peckshieldtweet-20798">[https://twitter.com/PeckShieldAlert/status/1926877652985495865 PeckShield - "#PeckShieldAlert A #ZeroTransfer scammer grabbed ~1.7M $USDT from 0x86C0...2604." - Twitter/X] (Accessed Jul 31, 2025)</ref>

<ref name="secondphishedtransaction-20799">[https://etherscan.io/tx/0xfbac8a7f99c188ceb38bd6e5d9b12b2e88b4ad79d06625be86521fe5e986f156 The Second Phishing Transaction - Etherscan] (Accessed Jul 31, 2025)</ref>

<ref name="aegisweb3tweet-20800">[https://twitter.com/AegisWeb3/status/1926900530976080183 AegisWeb3 - "Scammed Twice in 5 Hours: Victim Loses $2.6M USDT in ZeroTransfer Attack. In a shocking repeat incident, a victim fell prey twice to the same #ZeroTransfer scam within just 5 hours — losing a total of $2.6M USDT." - Twitter/X] (Accessed Jul 31, 2025)</ref>

<ref name="scamretrievaltweet-20801">[https://twitter.com/Scamretrieval_X/status/1933998767566676398 ScamRetrieval - "victim:...wrong address:...correct address:" - Twitter/X] (Accessed Jul 31, 2025)</ref>

<ref name="web3watchdogtweet-20802">[https://twitter.com/web3_watchdog/status/1926878020775665806 Web3Watchdog - "PeckShieldAlert: #PeckShieldAlert A #ZeroTransfer scammer grabbed ~1.7M $USDT from 0x86C0...2604." - Twitter/X] (Accessed Jul 31, 2025)</ref>

<ref name="realscamsniffertweet-20803">[https://twitter.com/realScamSniffer/status/1926790455649263849 Real Scam Sniffer - "8 minutes ago, a victim lost $843,166 by copying the wrong address from a contaminated transfer history." - Twitter/X] (Accessed Jul 31, 2025)</ref>

<ref name="victimwallet1-20804">[https://etherscan.io/address/0x86C0300Fc369E54d22512564Cc0e8CC261102604 The Victim Wallet Address - Etherscan] (Accessed Jul 31, 2025)</ref>

<ref name="victimwallet2-20805">[https://etherscan.io/address/0x4668d1fe87444a4d7508e83c89bfdaf1117e6b76 The Victim's Intended Recipient Address - Etherscan] (Accessed Jul 31, 2025)</ref>

<ref name="victimwalletfunding-20806">[https://etherscan.io/tx/0x2bb1adc93fd4d480935fb81c3cc197272039bb3bf1a5986e7e85e4411f91e701 The Victim Wallet Funding Transaction - Etherscan] (Accessed Jul 31, 2025)</ref></references>

Ethereum ZeroTransfer Address Pollution Phishing Twice - Revision history